Russia kept in check by Ukraine so far

This was one of the main fears of some experts at the time of the Russian invasion. “We feared a digital Pearl Harbor,” explains Julien Nocetti, professor-researcher at the Saint-Cyr Coëtquidan military academy in Brittany and a specialist in Russian digital and cyber strategies, “but it didn’t happen.”

Russia is a cyber power whose attack capability no longer needs to be demonstrated. Since 2014 and the annexation of Crimea, Ukraine has been constantly attacked by Russian hackers. The most striking example is the use of the NotPetya ransomware, which paralyzed part of the Ukrainian economy in 2018. Its effects spilled well beyond the country’s borders. Even in France, several companies such as Saint-Gobain were affected. More surprising still, the malware also had unintended effects as far away as Russia.

But since then, its attempts have ended in partial failures. On February 24, at the very beginning of the invasion of Ukraine, “an American ViaSat satellite was the target of a cyberattack,” Stéphane Duguin of the Geneva-based CyberPeace Institute tells Radio France’s investigative unit. “Its terrestrial modems fell victim to a malicious update.” This satellite is widely used by the Ukrainian military. But it also had other clients, including people in France who use it to access the Internet. The result: “Nearly 10,000 French people found themselves offline, almost 40,000 people in total in Europe. And in Germany, we lost control of almost 6,000 wind turbines controlled by this satellite.”

These effects are clearly far removed from what the hackers were looking for, summarizes Rayna Stamboliyska, an expert in digital diplomacy: “The purpose of such a maneuver was to prevent the Ukrainians from coordinating with each other at the beginning of the invasion. Mr. Putin and his team were planning a hit-and-run invasion. That is why it would have been relevant to interrupt communications between the Ukrainian armed forces to sow disorder, prevent them from reacting and resisting.” But that didn’t happen. In total, the CyberPeace Institute has documented around 30 Russian cyberattack campaigns, but again with fairly limited effects.

Unable to bring the Ukrainians to their knees through conventional cyberattacks, Russian hackers plunged into another aspect of digital warfare: information warfare. But here again, so far the Ukrainians are dominating the fight, according to Rayna Stamboliyska. She believes that “the contrast is striking between the cold, framed communication of the Russians and the spontaneous communication of the Ukrainians.”

“A former KGB propaganda specialist is betrayed by an actor-turned-president with his smartphone.”

Rayna Stamboliyska, to franceinfo

The Russian hackers, however, went to great lengths in their disinformation attempts. A few days ago, a video of President Volodymyr Zelensky appeared on social networks. It was a video faked using artificial intelligence, known as a deepfake, explains Julien Nocetti: “It was about lending Mr. Zelensky words urging the population to surrender, to abandon the struggle and resistance. Again, in vain. But we can very well imagine, in a few weeks, depending on the escalation, deepfake videos of Emmanuel Macron or Joe Biden announcing the launch of nuclear attacks against Russia. This could have an impact on audiences, populations and decision makers.”

On the left is an image taken from the fake video, on the right an image of Zelensky's speech on Ukrainian television.  (DR)

If, for the time being, Russia is kept in check, cyber experts remain cautious about the possible consequences of the war. “The digital weapon can still be used in the rest of the conflict,” says Nicolas Arpagian, a cyber threat specialist, “as it is available. States can use it directly or through cybermercenaries: people who will carry out offensive attacks without formally incurring state responsibility.” In this area, Russia is well armed. Direct links between cybercriminal groups and the FSB (Russian secret services) have been documented very recently thanks to the “Conti Leaks”, a giant data leak from one of Eastern Europe’s leading hacker groups.

This group of hackers was made up of Russians and Belarusians, but also Ukrainians, who worked together until the invasion of Ukraine. After Conti took a public stand for Vladimir Putin, its Ukrainian members broke away and decided to split the group. But when they left, they took it upon themselves to leak thousands of internal documents to the dark web. The public was thus able to discover for the first time what was going on inside a large group of hackers. It was a blow to the criminal organization, whose way of operating, objectives, income and links with the Kremlin were exposed.

But that does not mean the end of Russian hacking, warns François Deruty, a cybersecurity expert and former deputy director of operations at the National Information Systems Security Agency (Anssi): “There is always a way to revive a group, or create a new one, that will use the same tools under a different name.” This data leak could even be a boon, the cybersecurity expert believes. “They are now available to the entire ecosystem of attackers, and we will probably find them used in six months or a year in other types of attacks.”

While Russia stagnates, the Ukrainians, on the contrary, are preparing. They have been developing defense capabilities for their systems for several years. And a few days before the war, they received valuable help from the United States, says researcher Julien Nocetti: “There has been close cooperation between Kyiv, NATO and the United States to bolster cyber defense and the resilience of Ukraine’s infrastructure prior to the conflict. We are seeing closer cooperation between US intelligence, the NSA and the Ukrainians.” The Europeans also sent experts in the first hours of the conflict.

Added to this is the support of volunteers from all over the world. Two days after the start of the Russian invasion, Ukraine’s Minister of Digital Transformation announced the creation of a digital army, or “IT army”. Thousands of people from all over the world then joined a discussion group on the Telegram messaging service to attack certain Russian targets, government sites or others. Today, these volunteer hackers even go so far as to identify and contact the families of Russian soldiers fighting in Ukraine, to warn them of the actions of their loved ones. It is a very wide field of action aimed at disrupting the Russian offensive as much as possible.

These actions are not without risk, however, warns Rayna Stamboliyska: “The people who carry out these attacks have no other official mandate than to respond to a tweet and participate in a Telegram group. They are Ukrainians, but also Americans, French, Danes, and they meddle. Therefore, they are in violation.”

“It becomes even more problematic when Mr. Putin says that he can consider all the countries where these pirates live as belligerents in the context of an armed conflict.”

Rayna Stamboliyska, to franceinfo

Therefore, some Western countries fear possible digital retaliatory measures or cyberattacks that target Europe or the United States. The president of the United States, Joe Biden, clearly mentioned this risk a few days ago: “My administration has warned me that the Russians are planning cyber attacks against us. The Russian potential is very great and the threat is becoming clearer. The government is ready. National security is at stake.”

In the process, the US cyber defense agency published two notes accusing Russia of having planted implants in companies linked to the energy sector. These implants, like digital time bombs, could later be activated by some hackers with serious consequences. France itself discovered this type of implant: in 2018, Guillaume Poupard, CEO of Anssi, announced before senators: “We have detected very worrying cases, including an attempted intrusion into mapping systems related to the energy sector, which had a single purpose: the preparation of future violent actions. Imagine the consequences on the functioning of a country of an attack on energy distribution networks.”

“Knowing the objective of these attacks is always complicated,” says François Deruty, former Anssi deputy director of operations. “We come across malicious codes, but as long as we don’t know if it’s simply about spying on communications or destroying them, we don’t really achieve the desired final effect. And it is difficult to return to the sponsor.”

Anssi had published a note on the subject at the time, but without ever mentioning Russia. “The French doctrine consists of not publicly naming the culprits as other countries do,” François Deruty continues. “We can discuss it bilaterally, we can use the diplomatic channel. There are other ways to point fingers or let people know that they know things.” However, according to our information, Russia seems to be behind the planting of these implants. A criminal group called Energetic Bear, close to Moscow and also seen in the United States under other names, is said to be behind these attacks.

Faced with these fears, France is preparing. Anssi published a note at the beginning of the war asking French companies to protect themselves. Vital operators (ministries, nuclear power plants, etc.) are under particularly close watch, especially in the run-up to big events like the 2023 Rugby World Cup or the 2024 Olympics. The military is also preparing. It conducted its annual crash test: a simulation of cyber attacks to facilitate the operation of the chain of command. This year, the theme of the exercise was “a country excluded from the Olympic Games decides to invade a border region of a state allied with France”. The implication is clear.

But if the fear is primarily about hacking, there is also the risk of a physical attack on network infrastructures. A hostile state could very well target the submarine cables that connect countries, disrupting Internet communications. Bernard Barbier, former technical director of the Directorate General for External Security (DGSE), explains: “These cables are visible, placed on the bottom of the sea. They look like great garden hoses, easy to cut. You can very well with a submarine go to 5,000 m depth and cut them. If you cut one, there is no effect, but if you cut five or ten, there is a severe slowdown in the internet, and if there are no longer these cables, digital will collapse.”

For some experts this fear is, at the moment, a fantasy, but it is based on a precedent: in 2015, a Russian oceanographic vessel, the Yantar, got too close to cables located near the US East Coast. The United States then suspected it of espionage. But if it is possible to listen in on a cable, it is also very possible to damage it.
